1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

2186 Commits

Author SHA1 Message Date
Stefan Metzmacher
7d8edcc241 s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
505a4e68d9 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
We should tell dcerpc_pull_auth_trailer() that we only want
auth data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11982

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-24 14:09:02 +02:00
Stefan Metzmacher
f360f47363 s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
8a5eaaf6dd s4:rpc_server: remove unused '_unused_auth_state'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
9f3bdc8cca s4:rpc_server: context_id fields of presentation contexts are just 16bit
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-06-24 14:09:01 +02:00
Stefan Metzmacher
3f36d31c84 s4:rpc_server: use a variable for the max total reassembled request payload
We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE)
by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
2016-06-23 04:51:16 +02:00
Andrew Bartlett
a896a92444 repl: Avoid excessive stack use and instead sort the links in the heap
The two large stack-based arrays would overflow the stack, this avoids
a duplicate of the struct drsuapi_DsReplicaLinkedAttribute array

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-17 14:13:19 +02:00
Garming Sam
8dc3110a5f getncchanges: Match Windows on linked attribute sort
The order of linked attributes depends on comparison of the NDR packed
GUIDs (not its struct GUID form).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
570237f0f3 getncchanges: sort with precalculated target guid array
This avoids reparsing the linked attribute and schema refetching.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Garming Sam
2ce9f249bb getncchanges: remove some whitespace
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11960
2016-06-17 14:13:18 +02:00
Andrew Bartlett
1a5f0c7a7f s4-samr: Rework GetGroupsForUser to use memberOf
By reading the SID values from the memberOf links, we avoid an un-indexed search on
the member attribute.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Andrew Bartlett
20eb605fee s4-samr: Fix samr.QueryUserInfo level 1 primary group
Because of this typo, the primary group ID was returned as 0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:12 +02:00
Volker Lendecke
f5e95af59b rpc_server: Fix CID 1362565 Improper use of negative value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-07 14:34:11 +02:00
Andrew Bartlett
0b4c741b9c build: Build less of Samba when building --without-ntvfs-fileserver
We would build, but not use, many components of the NTVFS file server
even when we asked not to.  They would then consume disk, but not be
of any use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-02 16:36:15 +02:00
Andrew Bartlett
2d9383e1d4 getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
Our newly run repl_exop tests expect this, matching Windows 2012R2

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
b8f32528c7 getncchanges: Use the talloc_stackframe() for tempory memory
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
59d6c7c674 getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
This is found by our new tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Andrew Bartlett
dfda45802c rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-01 10:27:19 +02:00
Dirk Godau
1fd7c28d5f Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
W2K8 Clients ask for DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 on DsBind. W2K8
expect this to be set (with server fl 2k8) or else they do not call
DsGetDomainControllerInfo.

If DRSUAPI_SUPPORTED_EXTENSION_LH_BETA2 is set, DsGetDomainControllerInfo
must be able to return DCInfo Level 3.

If Samba4 AD ist set to work as 2k8, with >2k8 clients the following
will not work as expected:

  * Group Policy Editor Infrastructure Discovery
  * nltest /dclist:<domain>
  * w32tm /monitor

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9971
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9976

Signed-off-by: Dirk Godau <voidswitch@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu May 26 06:21:10 CEST 2016 on sn-devel-144
2016-05-26 06:21:10 +02:00
Volker Lendecke
5af28c93dc drsuapi: Improve debug in DsWriteAccountSpn
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed May 25 11:34:13 CEST 2016 on sn-devel-144
2016-05-25 11:34:13 +02:00
Garming Sam
e0acee0223 samr4: Remove talloc_asprintf leak onto mem_ctx
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-11 03:47:04 +02:00
Mantas Mikulėnas
37ef959f37 samr4: Use <SID=%s> in GetAliasMembership
As in commit 841845dea3, this avoids
quoting problems in user DN's.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11751

Signed-off-by: Mantas Mikulėnas <grawity@gmail.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-11 03:47:04 +02:00
Robin Hack
51f221c86e dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
Unchecked return value of gnutls_global_init().

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-26 22:48:22 +02:00
Stefan Metzmacher
c0f3f308da CVE-2015-5370: s4:rpc_server: reject DCERPC_PFC_FLAG_PENDING_CANCEL with DCERPC_FAULT_NO_CALL_ACTIVE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:31 +02:00
Stefan Metzmacher
0b1656199a CVE-2015-5370: s4:rpc_server: the assoc_group is relative to the connection (association)
All presentation contexts of a connection use the same association group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:31 +02:00
Stefan Metzmacher
ad6a5cfd2d CVE-2015-5370: s4:rpc_server: only allow one fragmented call_id at a time
It's a protocol error if the client doesn't send all fragments of
a request in one go.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:31 +02:00
Stefan Metzmacher
4b6197f08c CVE-2015-5370: s4:rpc_server: limit allocation and alloc_hint to 4 MByte
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
6b5144c204 CVE-2015-5370: s4:rpc_server: check frag_length for requests
Note this is not the negotiated fragment size, but a hardcoded maximum.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
aef225aaca CVE-2015-5370: s4:rpc_server: give the correct reject reasons for invalid auth_level values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
818e09fff2 CVE-2015-5370: s4:rpc_server: disconnect after a failing dcesrv_auth_request()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
a30eee5745 CVE-2015-5370: s4:rpc_server: let a failing auth3 mark the authentication as invalid
Following requests will generate a fault with ACCESS_DENIED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
04e92459a4 CVE-2015-5370: s4:rpc_server: failing authentication should generate a SEC_PKG_ERROR
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
ed066b6ca4 CVE-2015-5370: s4:rpc_server: fix the order of error checking in dcesrv_alter()
The basically matches Windows 2012R2, it's not 100%
but it's enough for our raw protocol tests to pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
1f7dc721e7 CVE-2015-5370: s4:rpc_server: changing an existing presentation context via alter_context is a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
f2dbb1c8b6 CVE-2015-5370: s4:rpc_server: don't derefence an empty ctx_list array in dcesrv_alter()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
909538c885 CVE-2015-5370: s4:rpc_server: remove pointless dcesrv_find_context() from dcesrv_bind()
BIND is the first pdu, which means the list of contexts is always empty.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
57afdaa79b CVE-2015-5370: s4:rpc_server: let invalid request fragments disconnect the connection with a protocol error
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
5cb1250457 CVE-2015-5370: s4:rpc_server: make sure alter_context and auth3 can't change auth_{type,level,context_id}
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
cb8e2abe52 CVE-2015-5370: s4:rpc_server: maintain in and out struct dcerpc_auth per dcesrv_call_state
We should not use one "global" per connection variable to hold the
incoming and outgoing auth_info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
0ba1b1867c CVE-2015-5370: s4:rpc_server: ensure that the message ordering doesn't violate the spec
The first pdu is always a BIND.

REQUEST pdus are only allowed once the authentication
is finished.

A simple anonymous authentication is finished after the BIND.
Real authentication may need additional ALTER or AUTH3 exchanges.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
c0d74ca7af CVE-2015-5370: s4:rpc_server: verify the protocol headers before processing pdus
On protocol errors we should send BIND_NAK or FAULT and mark the
connection as to be terminated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
caa1e75661 CVE-2015-5370: s4:rpc_server: add infrastructure to terminate a connection after a response
BIND_NAK or FAULT may mark a connection as to be terminated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
57b07589e7 CVE-2015-5370: s4:rpc_server: make dcesrv_process_ncacn_packet() static
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
3c6fef3aa5 CVE-2015-5370: s4:rpc_server: return the correct secondary_address in dcesrv_bind()
For now we still force \\PIPE\\ in upper case, we may be able to remove
this and change it in our idl files later. But for now we better
behave like a windows server without changing too much.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
7bde997594 CVE-2015-5370: s4:rpc_server: add some padding to dcesrv_bind_nak() responses
This matches Windows 2012R2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
254048f9a5 CVE-2015-5370: s4:rpc_server: split out a dcesrv_fault_with_flags() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:30 +02:00
Stefan Metzmacher
5c76e84663 CVE-2015-5370: s4:rpc_server: fill context_id in dcesrv_fault()
This depends on the type of the incoming pdu.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
c58dbe45a2 CVE-2015-5370: s4:rpc_server: set alloc_hint = 24 in dcesrv_fault()
This matches a Windows 2012R2 server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
e3c3499a8b CVE-2015-5370: s4:rpc_server: avoid ZERO_STRUCT() in dcesrv_fault()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00
Stefan Metzmacher
e6f6b4be9a CVE-2015-5370: s4:rpc_server: correctly maintain dcesrv_connection->max_{recv,xmit}_frag
These values are controlled by the client but only in a range between
2048 and 5840 (including these values in 8 byte steps).
recv and xmit result always in same min value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:29 +02:00